Introducing Trusted Builds

We are proud to announce that we have added a new feature to the docker index called Trusted Builds. With this new feature it allows you to connect your GitHub account and add a post commit hook to your repository, so that when you push a commit, it will trigger a build and update your image inside of the docker index. This makes it really easy to keep your docker images up to date with your latest code.

You can tell which repositories are built from the Trusted Build service by looking for the “Trusted Build” badge on the repository page. Here is an example of a Trusted Build repository page.

The Trusted Build repository page, displays the Dockerfile used to create the repository, so you can see how it was created. It also has links to the Github project page, git repo, as well as a tar ball of the source that was used to generate the build.

How do I create a Trusted Build?

If you could like to create a trusted build you need to do the following.

Once the Trusted Build is configured it will automatically trigger a build, and in a few minutes, if there are no errors, you will see your new trusted build on the Docker Index. It will will stay in sync with your GitHub repo until you deactivate the Trusted Build.

If you want to see the status of your Trusted Builds you can go to your Trusted Builds page on the Docker index, and it will show you the status of your builds, and the build history.

You can even drill down and look at a particular build to see the logs that were generated, which is helpful to track down build issues.

It is important to note that this feature is still in beta, so if you find any bugs, or have suggestions, please let us know, so we can make it even better.

FAQ

1. Do I need to link to my GitHub account in order for this to work?

Yes, we only allow people who own the repositories to create the trusted builds for that repository

2. Where do I put my Dockerfile in my GitHub repo?

We recommend that you place it in the root of the project, but if that doesn’t work for you, you can place it somewhere else, and when you configure the trusted build, just let us know where it is located, so we can find it.

3. Do you support more then one Dockerfile per GitHub project?

Not at this time, but it is on our road map.

4. Can I add a trusted build for a private GitHub project?

Not at this time, but it is on our road map.

5. Can I create more then on Trusted build for the same GitHub project using different branches?

Not at this time, but it is on our road map.

6. Can I delete a trusted Build?

You can’t delete a Trusted Build, but you can mark it as inactive, so it doesn’t get updated in the future.

7. Can I push to a Trusted Build repository?

No, Trusted builds are protected, and they can only be updated via the Trusted Build service.

Introducing Trusted Builds

6 Responses to “Introducing Trusted Builds”

Can you express dependencies? i.e. I have a project who’s Dockerfile has a FROM “my/base” where “my/base” is a trusted build. If I push to the github project for “my/base” it would be nice to have the my project re-built too.

Tomas

Does this mean that the rest of images on index.docker.io should be treated as untrusted and never used? How can one trust a binary without a dockerfile? Is it possible to filter by this in index web application/cli?